add Access-Control-Allow-Credentials for simple requests too

winixd/core/request.cpp

@@ -1531,15 +1531,27 @@ void Request::PrepareSessionCookie()
 }
 
 
-void Request::CheckOriginHeader()
+// preflight request are tested in function->MakeOption()
+void Request::CheckCorsHeaders()
 {
 	pt::Space * origin = headers_in.get_space_nc(L"Origin");
 
-	if( origin && origin->is_wstr() && !out_headers.has_key(Header::access_control_allow_origin) )
+	if( origin && origin->is_wstr() && function )
 	{
-		if( function && function->IsCorsOriginAvailable(*origin->get_wstr()) )
+		if( !out_headers.has_key(Header::access_control_allow_origin) )
 		{
-			function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
+			if( function->IsCorsOriginAvailable(*origin->get_wstr()) )
+			{
+				function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
+			}
+		}
+
+		if( !out_headers.has_key(Header::access_control_allow_credentials) )
+		{
+			if( function->AreCorsCredentialsAvailable() )
+			{
+				function->AddAccessControlAllowCredentialsHeader();
+			}
 		}
 	}
 }
@@ -1549,7 +1561,7 @@ void Request::CheckOriginHeader()
 void Request::PrepareHeaders(bool compressing, int compress_encoding, size_t output_size)
 {
 	PrepareSessionCookie();
-	CheckOriginHeader();
+	CheckCorsHeaders();
 
 	if( send_as_attachment )
 	{

winixd/core/request.h

@@ -595,7 +595,7 @@ private:
 	int SelectDeflateVersion();
 	void SelectCompression(size_t source_len, bool & compression_allowed, int & compression_encoding);
 	void PrepareSessionCookie();
-	void CheckOriginHeader();
+	void CheckCorsHeaders();
 	void PrepareHeaders(bool compressing, int compress_encoding, size_t output_size);
 	void ModifyStatusForRedirect();
 	void PrepareSendFileHeaderForStaticMountpoint();